Information Security Compliance Analyst

Overview

Remote
Full Time

Skills

Information Security
FOCUS
Licensing
Risk Analysis
Testing
Regulatory Compliance
Standard Operating Procedure
Auditing
Continuous Monitoring
Risk Assessment
SDS
Computer Science
Science
Management
Cyber Security
CISSP
CISA
CISM
ISO/IEC 27001:2005
ISO 9000

Job Details

Job Description:

The Information Security Compliance Analyst will be responsible for compliance and audits, focusing on the Cyber aspects of each. They will work closely with Tech Compliance and IT to ensure cyber controls are in place, spearheading any requests from Tech Compliance or external regulatory auditors to ensure a successful outcome. This individual will focus on ISO27001, assisting the Director of Cyber Security in ensuring all documents, policies, standards and SOPs are up to date. In addition, they will assist with TPDDs, TRAs and PIAs, following up on open risks and reducing SDS's threat area. The role holder will work with other areas of Technology to ensure there is no compliance drift throughout the year, so that SDS is in good stead leading up to its annual jurisdictional audits. They will also focus on improving automation to ensure compliance tasks and controls relating to Cyber are as automated as possible.
This role reports to the Director, Cyber Security and Assurance.

Essential Duties & Responsibilities
  • Support Cyber Security programs with regard to industry standard certifications and regulatory licensing for SDS.
  • Liaise with all areas of the business to ensure cyber security standards are being adhered to.
  • Work with the methodology of shifting security to the left.
  • Manage internal and external security assessments and risk analyses.
  • Perform ongoing audit testing of controls.
  • Implementation of automation control assurance monitoring.
  • Work with the Technical Compliance team with regard to regulatory audits and compliance.
  • Make recommendations regarding policies, standards and guidelines. Assist in the creation of Cyber Security standard operating procedures (SOPs).
  • Support Cyber Security and the business to implement and maintain ISO27001 certification.
  • Carry out annual review of policies and standards.
  • Participate in the TRA process (Threat Risk Assessment) for new projects and applications.
  • Assist in closing out audit items and continuous monitoring of risk assessment plans.
  • Other reasonable duties as requested by management


Company Standards of Conduct

All SDS Team Members are expected to conduct and carry themselves in a professional manner at all times. Team Members are required to observe the Company's standards, work requirements and rules of conduct.

Minimum Qualifications
  • Bachelor's degree in related field of Computer Science / Information Science preferred or equivalent work experience.
  • A minimum of three (3) years' experience managing Security and/or Technical projects.
  • Experience with Cyber Security related technologies and large enterprise implementations is essential
  • Hold a valid CISSP, CISA, CISM or equivalent (highly desirable)
  • While this role does not require a full technical knowledge set, an understanding of Technology concepts is required, along with a deep understanding of frameworks such as NIST and CIS, in addition to GDPR, ISO27001-2022, ISO 270013
  • Excellent interpersonal skills with the ability to communicate well with all levels of employees
  • Highly organised with the ability to work under pressure and consistently meet deadlines
  • Team player with the ability to work on own initiative with limited guidance

About Las Vegas Sands Corp